Hello,
Original Post by Acyd Burn
8)
phpBB3 Release Candidate 1 (RC1) Released
Subject: Re: PhpBB3 Release Candidate 1 (RC1) Released
Ironic that Icy goes final when phpbb3 RC1 finally comes out
Subject: Re: phpBB3 Release Candidate 1 (RC1) Released
He he he... Icy Phoenix has been released just a couple of hours before phpBB3 :LOL: !
tonyf12 wrote: [View Post]
He he he... Icy Phoenix has been released just a couple of hours before phpBB3 :LOL: !
Subject: Re: phpBB3 Release Candidate 1 (RC1) Released
Oooh ayy!... the phpbb webste finally looks decent!
One thing that suprises me about phpbb3 is that it doesn't look like they've done much to improve security, or rather to adopt a better standard of programming practice. In particular what I'm referring to is the includes library - using the .php file extension on function files which are only ever meant to be included, never called directly. As we know from the past, any mods that add files or changes to the includes directory, and which do not declare variables properly, can then be executed, with values being parsed to a variable, opening the way for remote file inclusions. Simply by changing the extension of files in includes from .php to something like .lib - e.g. functions.lib, would then mean that the files can never be executed directly (unless a suicidal admin changed the extension settings in his php server!). And after all, calling them something like .lib is more appropriate to their purpose - as libraries of functions, rather than something to be executed, just as this is the standard practice of file naming in C++. In fact it is just general common sense!
BTW hi everybody :mrgreen:
One thing that suprises me about phpbb3 is that it doesn't look like they've done much to improve security, or rather to adopt a better standard of programming practice. In particular what I'm referring to is the includes library - using the .php file extension on function files which are only ever meant to be included, never called directly. As we know from the past, any mods that add files or changes to the includes directory, and which do not declare variables properly, can then be executed, with values being parsed to a variable, opening the way for remote file inclusions. Simply by changing the extension of files in includes from .php to something like .lib - e.g. functions.lib, would then mean that the files can never be executed directly (unless a suicidal admin changed the extension settings in his php server!). And after all, calling them something like .lib is more appropriate to their purpose - as libraries of functions, rather than something to be executed, just as this is the standard practice of file naming in C++. In fact it is just general common sense!
BTW hi everybody :mrgreen:
Subject: Re: phpBB3 Release Candidate 1 (RC1) Released
And finally phpBB 3 went GOLD! :shock:
Congratulations to all phpBB world! :mricy:
Congratulations to all phpBB world! :mricy:
Page 1 of 1
You cannot post new topicsYou cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events
This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Powered by Icy Phoenix based on phpBB
Generation Time: 0.1651s (PHP: 11% SQL: 89%)
SQL queries: 14 - Debug Off - GZIP Enabled